Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 2:41 a.m.13 views

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

9.1CVSS6.8AI score0.00475EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.6 views

PT-2024-6173 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...

9.4CVSS7.2AI score0.00475EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/02 5:22 a.m.4 views

Malicious code in orderly-omnichain-occ (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57b64418122a9d4dc72113e97a702d8b75052c00b0116af195f79b902a4b5bd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Openbugbounty
Openbugbounty
added 2024/04/11 12:19 p.m.6 views

occ-omnisports.com Cross Site Scripting vulnerability OBB-3915989

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
CVE
CVE
added 2023/08/08 12:56 a.m.2511 views

CVE-2023-37486

Summary : CVE-2023-37486 corresponds to an information-disclosure issue in SAP Commerce (OCC API). The affected components are SAP Commerce Cloud/Hybris with OCC API endpoints HY_COM 2105, HY_COM 2205, and COM_CLOUD 2211. According to the provided documents, under certain conditions these endpoin...

7.5CVSS6.1AI score0.00435EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/08/08 12:56 a.m.12 views

CVE-2023-37486 Information Disclosure vulnerability in SAP Commerce (OCC API)

Under certain conditions SAP Commerce OCC API - versions HYCOM 2105, HYCOM 2205, COMCLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and...

5.9CVSS6.6AI score0.00435EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/08 12:56 a.m.26 views

CVE-2023-37486 Information Disclosure vulnerability in SAP Commerce (OCC API)

Under certain conditions SAP Commerce OCC API - versions HYCOM 2105, HYCOM 2205, COMCLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and...

5.9CVSS7.5AI score0.00435EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2022/10/08 6:28 a.m.14 views

construction-occ.com Cross Site Scripting vulnerability OBB-2982745

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
NVD
NVD
added 2021/06/01 10:15 p.m.24 views

CVE-2021-32657

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

4.3CVSS0.01823EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/06/01 10:10 p.m.28 views

CVE-2021-32657 Malicious user could break user administration page

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

4.3CVSS6.7AI score0.01823EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2021/06/01 6:19 p.m.38 views

Malicious user could break user administration page

None...

4.3CVSS4.7AI score0.01823EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/01 12:0 a.m.3 views

PT-2021-19835 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 10.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: A malicious user may be able to break the user administration page, disallowing administrators to...

10CVSS5.8AI score0.02604EPSS
Exploits2References38
The Hacker News
The Hacker News
added 2020/08/07 12:33 p.m.23 views

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...

0.3AI score
Exploits0
CVE
CVE
added 2018/09/11 3:0 p.m.61 views

CVE-2018-2463

SAP Hybris Commerce OCC API (Omni Commerce Connect) in version 6.* is vulnerable to SSRF due to misconfiguration of the XML parser in the server-side implementation. The issue enables potential unauthorized operations by an attacker who can trigger SSRF requests from the OCC server; impact is des...

8.6CVSS8.4AI score0.01638EPSS
Exploits0References3Affected Software1
The Coalfire Blog
The Coalfire Blog
added 2012/01/03 8:59 p.m.16 views

Cyber Security Fraud in the Banking Industry: Lessons Learned in OCC Examiner Training

In late October 2011, Coalfire participated in a day of IT audit training with about 35 bank examiners. As you would expect, we covered a lot of previously hot topics. The conversation changed as we started talking about the amount of fraud being realized by community banks and credit unions...

1.7AI score
Exploits0
Rows per page
Query Builder